Using MITM attack to gain access to a box using Fragrouter, Metasploit and Ettercap fi


Hey again guys

Here we go again!! In this tut I will try to explain how I used Metasploit to gain access to a Windows XP SP2 box using Ettercap filters. A reason somebody might use this way to gain access is because there is no interaction with the victim.

Once again I hold no responsibilities to what people do with this information. DO NOT email me / PM me or post here asking any member of this forum how to use this attack against a real victim!

Now let's begin

First let's fire up Metasploit, we will use the nice and easy msfweb for this tut. Go to backtrack >> Penetration >> Metasploit framework3 >> msfweb

And you should see Metasploit's web interface. Now do a search in exploits for "internet". Now for this tut I'm going to use the MS03-020 Internet Explorer Object Type exploit. You can use this one or try others. Select the target explorer and now we can choose a payload. And this one's up to you but for e.g. I will use the windows/meterpreter/reverse_tcp payload. Now let's set up the hack. For SRVHOST input your own IP and the rest is down to what payload you chose. For the example payload set LHOST to your IP too and then hit exploit.

Open kwrite and paste the URL (in your screen lol not the post) and let's move on....

Now let's set up our Ettercap filter. You can make your own up or use mine below. In my filter I have chosen to attach my URL to a "img src=" tag. This is because you can guarantee that every web site viewed by the victim is going to contain this tag. You can play with different filters and all dat
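
Seen from the defender's side, the "img src=" rewriting described in the post above can be looked for in captured HTTP responses. The following is an added example, not part of the original thread: it flags image tags whose source is a private-IP literal on a page served from a public host. The heuristic, the function names, the sample HTML and the addresses in it are all constructed assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ImgSrcCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.sources.extend(v for k, v in attrs if k == "src" and v)


def is_private_ip(host):
    """True only when host is an IP literal in private address space."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name or empty string, not an IP literal


def suspicious_img_sources(page_url, html):
    """Return img src URLs that name a private IP while the page does not."""
    page_host = urlsplit(page_url).hostname or ""
    if is_private_ip(page_host):
        return []  # intranet pages legitimately reference intranet hosts
    collector = ImgSrcCollector()
    collector.feed(html)
    return [s for s in collector.sources
            if is_private_ip(urlsplit(s).hostname or "")]


# Constructed sample: a public page whose second image tag was altered in transit.
SAMPLE_HTML = """<html><body>
<img src="/static/logo.png" alt="logo">
<img src="http://192.168.1.50:8080/x">
<img src="https://cdn.example.com/banner.jpg">
</body></html>"""

if __name__ == "__main__":
    for src in suspicious_img_sources("http://www.example.com/", SAMPLE_HTML):
        print("suspicious image source:", src)
```

A hit is a lead for investigation, not proof of tampering; comparing the same page fetched over a trusted path confirms whether the tag was changed in transit.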

I think I see where you're going with this but you do know that that actual exploit has been patched for a while. I'll be interested to read the rest. I am currently sitting through a version of Camelot where Lou Diamond Phillips is the lead actor and I am excruciatingly bored.


Here is a partial quote from another thread where we were discussing this very thing.

Originally Posted by Re@lity
Of course, this won't help ordinary members, but they can at least request a mod to change a title for them - At the moment I'm not aware of any other way for users to change their own thread titles. I don't think it's something everyone will want to be doing all the time though, so getting a mod to do it for them will probably suffice.